Free CCAK Exam Braindumps (page: 4)

Page 4 of 78

An auditor identifies that a CSP received multiple customer inquiries and RFPs during the last month. Which of the following should be the BEST recommendation to reduce the CSP burden?

  A. CSP can share all security reports with customers to streamline the process.
  B. CSP can schedule a call with each customer.
  C. CSP can answer each customer individually.
  D. CSP can direct all customers’ inquiries to the information in the CSA STAR registry.

Answer(s): D

Explanation:


Reference:

https://cloudsecurityalliance.org/star/registry/



Which of the following approaches encompasses social engineering of staff, bypassing of physical access controls and penetration testing?

  A. Blue team
  B. White box
  C. Gray box
  D. Red team

Answer(s): B


Reference:

https://www.isaca.org/resources/isaca-journal/issues/2016/volume-5/planning-for-informationsecurity-testinga-practical-approach



When applying the Top Threats Analysis methodology following an incident, what is the scope of the technical impact identification step?

  A. Determine the impact on the controls that were selected by the organization to respond to identified risks.
  B. Determine the impact on confidentiality, integrity and availability of the information system.
  C. Determine the impact on the financial, operational, compliance and reputation of the organization.
  D. Determine the impact on the physical and environmental security of the organization, excluding informational assets.

Answer(s): D



When performing audits in relation to Business Continuity Management and Operational Resilience strategy, what would be the MOST critical aspect to audit in relation to the strategy of the cloud customer that should be formulated jointly with the cloud service provider?

  A. Validate if the strategy covers unavailability of all components required to operate the business as usual or in disrupted mode, in part or in total, when impacted by a disruption.
  B. Validate if the strategy covers all aspects of Business Continuity and Resilience planning, taking inputs from the assessed impact and risks, to consider activities for before, during, and after a disruption.
  C. Validate if the strategy covers all activities required to continue and recover prioritized activities within identified time frames and agreed capacity, aligned to the risk appetite of the organization, including the invocation of continuity plans and crisis management capabilities.
  D. Validate if the strategy is developed by both cloud service providers and cloud service consumers within the acceptable limits of their risk appetite.

Answer(s): B






ccak commented on June 08, 2023
ccak is hard